pool/apko
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
apko/apko.changes

2348 lines
92 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
-------------------------------------------------------------------
Mon Mar 02 06:16:29 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.12:
* build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 (#2100)
* build(deps): bump k8s.io/apimachinery from 0.35.1 to 0.35.2
(#2099)
* build(deps): bump github.com/cloudflare/circl from 1.6.1 to
1.6.3 in the go_modules group across 1 directory (#2097)
* build(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to
5.17.0 (#2096)
* build(deps): bump google.golang.org/api from 0.268.0 to 0.269.0
(#2095)
* build(deps): bump step-security/harden-runner from 2.14.2 to
2.15.0 (#2094)
* build(deps): bump github.com/google/go-containerregistry from
0.21.0 to 0.21.1 (#2092)
-------------------------------------------------------------------
Wed Feb 25 09:18:59 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.11:
* build(deps): bump github.com/package-url/packageurl-go from
0.1.3 to 0.1.4 (#2082)
* build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4
(#2090)
* build(deps): bump github.com/google/go-containerregistry from
0.20.7 to 0.21.0 (#2081)
* build(deps): bump google.golang.org/api from 0.267.0 to 0.268.0
(#2091)
* build(deps): bump goreleaser/goreleaser-action from 6.4.0 to
7.0.0 (#2088)
* build(deps): bump github/codeql-action from 4.32.3 to 4.32.4
(#2086)
* build(deps): bump chainguard-dev/actions from 1.6.2 to 1.6.3
(#2087)
-------------------------------------------------------------------
Wed Feb 25 09:16:46 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.10:
* chore: Increase max HTTP response size (#2083)
* build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1
in the go_modules group across 1 directory (#2080)
* build(deps): bump go.step.sm/crypto from 0.76.0 to 0.76.2
(#2079)
-------------------------------------------------------------------
Thu Feb 19 07:35:23 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.9:
* sbom: Include predicate type as the output SBOM. (#2005)
* build(deps): bump google.golang.org/api from 0.266.0 to 0.267.0
(#2078)
* build(deps): bump chainguard-dev/actions from 1.6.1 to 1.6.2
(#2077)
* docs: update GoVersion to go1.25. (#2075)
* spdx: set purpose on OCI layers (#2046)
-------------------------------------------------------------------
Tue Feb 17 12:44:40 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.8:
* build(deps): bump chainguard-dev/actions from 1.6.0 to 1.6.1
(#2076)
* build(deps): bump github/codeql-action from 4.32.2 to 4.32.3
(#2073)
* Add LockImageConfigurationWithPackages to return package
metadata (#2061)
-------------------------------------------------------------------
Mon Feb 16 05:51:07 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.7:
* build(deps): bump k8s.io/apimachinery from 0.35.0 to 0.35.1
(#2071)
* build(deps): bump google.golang.org/api from 0.265.0 to 0.266.0
(#2072)
* build(deps): bump chainguard-dev/actions from 1.5.15 to 1.6.0
(#2070)
* build(deps): bump step-security/harden-runner from 2.14.1 to
2.14.2 (#2065)
* build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0
(#2064)
* build(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to
5.16.5 (#2068)
* build(deps): bump github.com/klauspost/compress from 1.18.3 to
1.18.4 (#2066)
-------------------------------------------------------------------
Mon Feb 09 06:18:27 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.6:
* fix: Double default APK data size limit (#2060)
* build(deps): bump github/codeql-action from 4.32.0 to 4.32.1
(#2048)
* build(deps): bump chainguard-dev/actions from 1.5.13 to 1.5.15
(#2057)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.39.0 to
1.40.0 (#2051)
* build(deps): bump go.opentelemetry.io/otel from 1.39.0 to
1.40.0 (#2052)
* build(deps): bump chainguard.dev/sdk from 0.1.49 to 0.1.50
(#2055)
* build(deps): bump google.golang.org/api from 0.264.0 to 0.265.0
(#2056)
* build(deps): bump imjasonh/setup-crane from 0.4 to 0.5 (#2058)
- Update to version 1.1.5:
* fix: Double default APK data size limit again (#2063)
* build(deps): bump github/codeql-action from 4.32.1 to 4.32.2
(#2062)
-------------------------------------------------------------------
Wed Feb 04 06:03:07 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.4:
* fix(spdx): Only warn when the same LicenseIDs have different
text (#2053)
-------------------------------------------------------------------
Tue Feb 03 06:08:05 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.3:
* Bring back the FetchPackage function on APK (#2049)
-------------------------------------------------------------------
Mon Feb 02 05:46:05 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.2:
* tests: improve passwd/group parsing tests (#2045)
-------------------------------------------------------------------
Sun Feb 01 19:30:46 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.1:
* Format README (#2044)
-------------------------------------------------------------------
Fri Jan 30 06:22:05 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.1.0:
* Add limit readers for readers that consume data from external
sources. (#2042)
* build(deps): bump google.golang.org/api from 0.262.0 to 0.263.0
(#2037)
* build(deps): bump github/codeql-action from 4.31.11 to 4.32.0
(#2036)
* build(deps): bump chainguard.dev/sdk from 0.1.48 to 0.1.49
(#2040)
* chore: fix ineffectual err assignment (#2041)
* build(deps): bump go.step.sm/crypto from 0.75.0 to 0.76.0
(#2029)
* Merge commit from fork
* Regenerate apko-discover testdata (#2039)
* build(deps): bump chainguard.dev/sdk from 0.1.47 to 0.1.48
(#2035)
* build(deps): bump chainguard-dev/actions from 1.5.12 to 1.5.13
(#2033)
* build(deps): bump step-security/harden-runner from 2.14.0 to
2.14.1 (#2034)
-------------------------------------------------------------------
Mon Jan 26 06:21:37 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.0.5:
* build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2030)
* build(deps): bump google.golang.org/api from 0.260.0 to 0.262.0
(#2031)
* build(deps): bump github/codeql-action from 4.31.10 to 4.31.11
(#2032)
* build(deps): bump chainguard-dev/actions from 1.5.11 to 1.5.12
(#2026)
* build(deps): bump sigs.k8s.io/release-utils from 0.12.2 to
0.12.3 (#2027)
-------------------------------------------------------------------
Mon Jan 19 06:31:52 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.0.4:
* Fix retry handling of the range retry transport (#2025)
* build(deps): bump github.com/klauspost/compress from 1.18.2 to
1.18.3 (#2024)
* Export tarfs under the expandapk package (#2022)
* Introduce a plug point to exchange the package cache (#2017)
* build(deps): bump chainguard.dev/sdk from 0.1.46 to 0.1.47
(#2019)
-------------------------------------------------------------------
Fri Jan 16 05:58:44 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.0.3:
* sbom: Make sure sbom packages are connected to the document
root. (#2021)
* build(deps): bump google.golang.org/api from 0.259.0 to 0.260.0
(#2020)
-------------------------------------------------------------------
Wed Jan 14 13:35:25 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.0.2:
* Refactor and export range retry transport (#2012)
* Handle race when removing a broken symlink (#2016)
* build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#2013)
* build(deps): bump chainguard.dev/sdk from 0.1.45 to 0.1.46
(#2014)
* Replace SetClient usage with transport configuration (#2006)
* Parse PKGINFO once and reuse parsed structure everywhere
(#2002)
-------------------------------------------------------------------
Wed Jan 14 06:58:40 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.0.1:
* build(deps): bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1 (#2010)
* build(deps): bump chainguard-dev/actions from 1.5.10 to 1.5.11
(#2009)
* build(deps): bump github/codeql-action from 4.31.9 to 4.31.10
(#2011)
* Add java truststore support to additional certificates (#1996)
-------------------------------------------------------------------
Mon Jan 12 05:04:35 UTC 2026 - Thomas Bechtold <thomasbechtold@jpberlin.de>
- Update to version 1.0.0:
* sbom: Make reader interface read-only (#2004)
* fix(fs): fix dirFS caching bug where ReadFile returns zeros
(#1984)
* sbom: Refactor Generator interface to be pluggable. (#2000)
* sbom: Deduplicate filesystem arguments. (#2003)
* build(deps): bump google.golang.org/api from 0.258.0 to 0.259.0
(#1999)
* build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0
(#2001)
* Rework global APK cache as a flight cache (#1997)
* build(deps): bump google.golang.org/api from 0.257.0 to 0.258.0
(#1995)
* build(deps): bump k8s.io/apimachinery from 0.34.3 to 0.35.0
(#1993)
* Align go version when linting code with all other actions
(#1998)
* Detect broken symlinks in the cache and fix them (#1994)
* Use in-memory control data everywhere (#1986)
* Rework flight cache into a strongly typed version (#1989)
* Check for validity of the cached expanded APK more thoroughly
(#1987)
-------------------------------------------------------------------
Sun Jan 11 12:50:32 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.35:
* build(deps): bump google.golang.org/api from 0.257.0 to 0.258.0
(#1995)
* build(deps): bump k8s.io/apimachinery from 0.34.3 to 0.35.0
(#1993)
* Align go version when linting code with all other actions
(#1998)
* Detect broken symlinks in the cache and fix them (#1994)
* Use in-memory control data everywhere (#1986)
* Rework flight cache into a strongly typed version (#1989)
* Check for validity of the cached expanded APK more thoroughly
(#1987)
-------------------------------------------------------------------
Fri Dec 19 08:12:34 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.34:
* cli/dot: Rendering improvements (#1992)
-------------------------------------------------------------------
Thu Dec 18 06:04:01 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.33:
* Add support for SPDX SBOMs without shortcut fields. (#1988)
* build(deps): bump github/codeql-action from 4.31.8 to 4.31.9
(#1991)
-------------------------------------------------------------------
Wed Dec 17 06:20:02 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.32:
* lock: populate auto-discovered keys into the json lock file
(#1985)
-------------------------------------------------------------------
Mon Dec 15 05:52:53 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.31:
* build(deps): bump chainguard.dev/sdk from 0.1.44 to 0.1.45
(#1980)
* build(deps): bump github/codeql-action from 4.31.7 to 4.31.8
(#1982)
* build(deps): bump step-security/harden-runner from 2.13.3 to
2.14.0 (#1983)
-------------------------------------------------------------------
Fri Dec 12 12:16:14 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.30:
* build(deps): bump github.com/chainguard-dev/clog from 1.7.0 to
1.8.0 (#1981)
* cache keys by name (#1968)
* build(deps): bump k8s.io/apimachinery from 0.34.2 to 0.34.3
(#1979)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.38.0 to
1.39.0 (#1974)
* build(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0
(#1973)
* build(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0
(#1972)
* build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0
(#1971)
* build(deps): bump github/codeql-action from 4.31.6 to 4.31.7
(#1970)
* Add the ability to specify additional certs to be added to the
image (#1977)
* build(deps): bump step-security/harden-runner from 2.13.3 to
2.14.0 (#1978)
* cli/dot: Ignore Duplicate Node errors (#1976)
-------------------------------------------------------------------
Mon Dec 08 08:06:03 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.29:
* build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2
(#1966)
-------------------------------------------------------------------
Thu Dec 04 06:05:54 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.28:
* Gracefully handle cached files being deleted (#1959)
* Add a test that important files come early in extracted images
(#1964)
* build(deps): bump go.step.sm/crypto from 0.74.0 to 0.75.0
(#1963)
* build(deps): bump google.golang.org/api from 0.256.0 to 0.257.0
(#1962)
* build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#1961)
* build(deps): bump golangci/golangci-lint-action from 9.1.0 to
9.2.0 (#1960)
* build(deps): bump github.com/klauspost/compress from 1.18.1 to
1.18.2 (#1957)
* build(deps): bump github/codeql-action from 4.31.5 to 4.31.6
(#1958)
* build(deps): bump step-security/harden-runner from 2.13.2 to
2.13.3 (#1956)
-------------------------------------------------------------------
Thu Dec 04 06:00:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.27:
* build(deps): bump github.com/go-git/go-git/v5 from 5.16.3 to
5.16.4 (#1950)
* build(deps): bump chainguard.dev/sdk from 0.1.43 to 0.1.44
(#1955)
* build(deps): bump github.com/google/go-containerregistry from
0.20.6 to 0.20.7 (#1954)
* build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#1948)
* build(deps): bump chainguard-dev/actions from 1.5.9 to 1.5.10
(#1951)
* build(deps): bump github/codeql-action from 4.31.4 to 4.31.5
(#1952)
* build(deps): bump golangci/golangci-lint-action from 9.0.0 to
9.1.0 (#1953)
-------------------------------------------------------------------
Mon Nov 24 07:05:00 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.26:
* Update tmc/dot to new version (#1910)
* build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#1947)
-------------------------------------------------------------------
Fri Nov 21 06:15:28 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.25:
* build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#1942)
* build(deps): bump google.golang.org/api from 0.255.0 to 0.256.0
(#1933)
* build(deps): bump k8s.io/apimachinery from 0.34.1 to 0.34.2
(#1934)
* build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in
the go_modules group across 1 directory (#1946)
* build(deps): bump github/codeql-action from 4.31.3 to 4.31.4
(#1945)
-------------------------------------------------------------------
Tue Nov 18 12:23:19 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.24:
* Return structured error if path mutations result in an "already
exists" error (#1937)
-------------------------------------------------------------------
Tue Nov 18 06:11:58 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.23:
* github: build samples offline too (#1941)
* apk: fix offline cached builds with alpine key discovery
(#1938)
* build(deps): bump chainguard-dev/actions from 1.5.8 to 1.5.9
(#1939)
-------------------------------------------------------------------
Mon Nov 17 06:18:09 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.22:
* build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
(#1936)
* Add support for tagged repositories (#1868)
* build(deps): bump github/codeql-action from
8a06050a8c0348fb4738f28e0cfbb6727cf054ce to
04bd5c6aabdcaa5cccaf378a97ef5062b2061cd0 (#1927)
* build(deps): bump google.golang.org/api from 0.254.0 to 0.255.0
(#1917)
* build(deps): bump go.step.sm/crypto from 0.73.0 to 0.74.0
(#1914)
* build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0
(#1921)
* build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0
(#1924)
* build(deps): bump chainguard-dev/actions from 1.5.7 to 1.5.8
(#1928)
* build(deps): bump golangci/golangci-lint-action from 8.0.0 to
9.0.0 (#1929)
* build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0
(#1925)
* build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0
(#1926)
-------------------------------------------------------------------
Mon Nov 10 13:03:00 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.21:
* Upgrade golangci-lint to 2.6.1 and enable modernize linter
(#1916)
* build(deps): bump step-security/harden-runner from 2.13.1 to
2.13.2 (#1919)
-------------------------------------------------------------------
Tue Nov 04 08:34:53 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.20 (.19 was not released):
* chore: pin cosign to v2.x (#1913)
* auth: Reuse sts exchanger (#1912)
* build(deps): bump github/codeql-action from 4.31.0 to 4.31.2
(#1908)
* build(deps): bump go.step.sm/crypto from 0.72.0 to 0.73.0
(#1906)
* build(deps): bump google.golang.org/api from 0.253.0 to 0.254.0
(#1905)
* build(deps): bump sigstore/cosign-installer from 3.10.0 to
4.0.0 (#1894)
* oci: in docker image history comment set image title and vendor
(#1907)
-------------------------------------------------------------------
Mon Nov 03 09:15:23 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.18:
* build(deps): bump github.com/klauspost/compress from 1.18.0 to
1.18.1 (#1895)
* build(deps): bump github.com/go-git/go-git/v5 from 5.16.2 to
5.16.3 (#1875)
* build(deps): bump github/codeql-action from 4.30.8 to 4.30.9
(#1896)
* build(deps): bump chainguard-dev/actions from 1.5.6 to 1.5.7
(#1898)
* build(deps): bump chainguard.dev/sdk from 0.1.41 to 0.1.43
(#1897)
* build(deps): bump google.golang.org/api from 0.251.0 to 0.253.0
(#1900)
* Pin test examples to alpine v3.22 due to ongoing usr-merge
effort (#1902)
* Use cached resolvers to compute disqualifications (#1892)
-------------------------------------------------------------------
Mon Oct 20 05:38:45 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.17:
* Only cut releases if we've seen material changes (#1891)
* build(deps): bump go.step.sm/crypto from 0.71.0 to 0.72.0
(#1890)
* build(deps): bump go.step.sm/crypto from 0.70.0 to 0.71.0
(#1888)
* build(deps): bump chainguard-dev/actions from 1.5.4 to 1.5.6
(#1889)
* build(deps): bump github/codeql-action from 3.30.5 to 4.30.8
(#1886)
* build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.4
(#1887)
-------------------------------------------------------------------
Mon Oct 13 10:50:38 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.16:
* Fixes local tag publishing (#1880)
-------------------------------------------------------------------
Wed Oct 08 04:50:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.15:
* DirFS: correct resetting of permissions (#1877)
* build(deps): bump chainguard-dev/actions from 1.5.2 to 1.5.3
(#1876)
-------------------------------------------------------------------
Mon Oct 06 05:31:49 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.14:
* build(deps): bump chainguard-dev/actions from 1.5.1 to 1.5.2
(#1871)
* build(deps): bump github/codeql-action from 3.30.4 to 3.30.5
(#1870)
-------------------------------------------------------------------
Mon Sep 29 04:42:30 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.13:
* build(deps): bump google.golang.org/api from 0.249.0 to 0.250.0
(#1869)
* build(deps): bump github/codeql-action from 3.30.3 to 3.30.4
(#1867)
* Stop defensively cloning giant maps (#1865)
* build(deps): bump sigs.k8s.io/release-utils from 0.12.1 to
0.12.2 (#1864)
* build(deps): bump chainguard-dev/actions from 1.4.15 to 1.5.1
(#1863)
-------------------------------------------------------------------
Mon Sep 22 05:11:36 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.12:
* build(deps): bump chainguard-dev/actions from 1.4.14 to 1.4.15
(#1858)
* build(deps): bump sigstore/cosign-installer from 3.9.2 to
3.10.0 (#1859)
-------------------------------------------------------------------
Thu Sep 18 05:39:02 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.11:
* build(deps): bump step-security/harden-runner from 2.13.0 to
2.13.1 (#1855)
* build(deps): bump google.golang.org/api from 0.248.0 to 0.249.0
(#1850)
* build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1
(#1854)
* build(deps): bump github/codeql-action from 3.30.1 to 3.30.3
(#1857)
-------------------------------------------------------------------
Thu Sep 18 05:38:06 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.10:
* bug-fix: handles usrmerge base image correctly (#1856)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.37.0 to
1.38.0 (#1838)
* build(deps): bump golang.org/x/sys from 0.35.0 to 0.36.0
(#1847)
* build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
(#1837)
* build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#1843)
* build(deps): bump github/codeql-action from 3.29.11 to 3.30.1
(#1844)
* build(deps): bump golang.org/x/time from 0.12.0 to 0.13.0
(#1846)
* build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0
(#1848)
* build(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0
(#1849)
* build(deps): bump chainguard-dev/actions from 1.4.12 to 1.4.14
(#1845)
-------------------------------------------------------------------
Thu Sep 18 05:35:17 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.9:
* Update release.md to use release workflow (#1842)
-------------------------------------------------------------------
Thu Sep 18 05:32:27 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.8:
* Reduce the log noise from auto-auth failures. (#1835)
* build(deps): bump k8s.io/apimachinery from 0.33.4 to 0.34.0
(#1833)
* build(deps): bump github.com/u-root/u-root from 0.14.0 to
0.15.0 (#1828)
-------------------------------------------------------------------
Tue Sep 02 05:39:37 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.7:
* build(deps): bump github/codeql-action from 3.29.10 to 3.29.11
(#1834)
* build(deps): bump github/codeql-action from 3.29.9 to 3.29.10
(#1824)
* build(deps): bump go.step.sm/crypto from 0.69.0 to 0.70.0
(#1827)
* build(deps): bump chainguard.dev/sdk from 0.1.37 to 0.1.41
(#1831)
* build(deps): bump github.com/stretchr/testify from 1.11.0 to
1.11.1 (#1832)
* build(deps): bump github.com/stretchr/testify from 1.10.0 to
1.11.0 (#1829)
* build(deps): bump chainguard-dev/actions from 1.4.11 to 1.4.12
(#1830)
-------------------------------------------------------------------
Mon Aug 25 04:45:57 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.6:
* build(deps): bump chainguard-dev/actions from 1.4.9 to 1.4.11
(#1825)
-------------------------------------------------------------------
Tue Aug 19 05:21:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.5:
* build(deps): bump goreleaser/goreleaser-action from 6.3.0 to
6.4.0 (#1817)
* ci - make verify workflow use golang 1.24 for compat with
golangci-lint (#1820)
* Updates and fixes to writing of apk/db/installed (#1811)
* build(deps): bump github/codeql-action from 3.29.8 to 3.29.9
(#1812)
* build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1809)
* build(deps): bump chainguard-dev/actions from 1.4.8 to 1.4.9
(#1808)
-------------------------------------------------------------------
Tue Aug 19 05:19:08 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.4:
* Revert "fix: include root-level files in the installed apk
database. (#1807)
-------------------------------------------------------------------
Tue Aug 19 05:05:19 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.3:
* build(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0
(#1798)
* build(deps): bump google.golang.org/api from 0.245.0 to 0.246.0
(#1799)
* build(deps): bump go.step.sm/crypto from 0.67.0 to 0.69.0
(#1800)
* build(deps): bump github/codeql-action from 3.29.7 to 3.29.8
(#1803)
* build(deps): bump sigs.k8s.io/release-utils from 0.12.0 to
0.12.1 (#1804)
* fix: include root-level files in the installed apk database.
(#1801)
* build(deps): bump chainguard-dev/actions from 1.4.7 to 1.4.8
(#1796)
* build(deps): bump google.golang.org/api from 0.243.0 to 0.245.0
(#1797)
-------------------------------------------------------------------
Fri Aug 01 12:01:36 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.2:
* Add support for runtime-only repositories (#1790)
* build(deps): bump github/codeql-action from 3.29.4 to 3.29.5
(#1789)
* build(deps): bump google.golang.org/api from 0.242.0 to 0.243.0
(#1778)
* build(deps): bump github.com/docker/docker from
28.2.2+incompatible to 28.3.3+incompatible in the go_modules
group (#1787)
-------------------------------------------------------------------
Fri Aug 01 11:57:59 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.1:
* Revert "Add support for runtime-only repositories" (#1788)
-------------------------------------------------------------------
Fri Aug 01 11:49:55 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.30.0:
* Add support for runtime-only repositories (#1786)
* add clean command to clear apk cache (#1746)
* build(deps): bump chainguard-dev/actions from 1.4.6 to 1.4.7
(#1785)
-------------------------------------------------------------------
Mon Jul 28 05:31:56 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.10:
* chore(typos): fix typos in comments and documentation (#1772)
* DirFS implementations: make Create() default to safer
permissions (#1783)
* Fix parsing of apk installed for files in top level directory.
(#1779)
* build(deps): bump github/codeql-action from 3.29.3 to 3.29.4
(#1777)
-------------------------------------------------------------------
Thu Jul 24 08:20:01 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.9:
* Ensure parent dirs exist for partial idb (#1776)
* build(deps): bump chainguard-dev/actions from 1.4.5 to 1.4.6
(#1775)
* build(deps): bump github/codeql-action from 3.29.2 to 3.29.3
(#1774)
-------------------------------------------------------------------
Thu Jul 24 08:06:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.8:
* build(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2
(#1771)
* Close response from index HEAD request (#1770)
* build(deps): bump sigs.k8s.io/release-utils from 0.11.1 to
0.12.0 (#1766)
* build(deps): bump chainguard.dev/sdk from 0.1.36 to 0.1.37
(#1767)
-------------------------------------------------------------------
Thu Jul 17 05:55:04 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.7:
* Fix OPERATING-SYSTEM primaryPackagePurpose (#1763)
* build(deps): bump google.golang.org/api from 0.241.0 to 0.242.0
(#1762)
* build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3
(#1760)
* build(deps): bump step-security/harden-runner from 2.12.2 to
2.13.0 (#1759)
* build(deps): bump chainguard.dev/sdk from 0.1.35 to 0.1.36
(#1757)
-------------------------------------------------------------------
Thu Jul 17 05:52:34 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.6:
* Add a test case for /etc/ld.so.cache permissions (#1761)
-------------------------------------------------------------------
Thu Jul 17 05:49:04 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.5:
* fix: /etc/ld.so.cache file permissions (#1758)
-------------------------------------------------------------------
Wed Jul 16 06:16:38 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.4:
* Write a partial installed db to every layer (#1752)
* build(deps): bump google.golang.org/api from 0.240.0 to 0.241.0
(#1749)
* build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0
(#1750)
* build(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0
(#1751)
* build(deps): bump chainguard.dev/sdk from 0.1.34 to 0.1.35
(#1754)
* build(deps): bump chainguard-dev/actions from 1.4.4 to 1.4.5
(#1755)
-------------------------------------------------------------------
Tue Jul 15 05:59:42 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.3:
* Hook up logger in spdx generation (#1747)
* Use contextualized loggers everywhere (#1748)
* build(deps): bump chainguard-dev/actions from 1.4.3 to 1.4.4
(#1745)
-------------------------------------------------------------------
Mon Jul 07 04:41:17 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.2:
* build(deps): bump google.golang.org/api from 0.239.0 to 0.240.0
(#1744)
* [StepSecurity] Apply security best practices (#1742)
* build(deps): bump step-security/harden-runner from 2.11.1 to
2.12.2 (#1740)
* build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (#1741)
* build(deps): bump sigstore/cosign-installer from 3.8.1 to 3.9.1
(#1739)
-------------------------------------------------------------------
Wed Jul 02 05:16:23 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.1:
* Wrap lazy compress() in a mutex (#1738)
* github: copy release workflow from melange (#1737)
* upgrade golanci-lint to v2 (#1736)
* build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.33.2
(#1720)
* build(deps): bump github.com/google/go-containerregistry from
0.20.4-0.20250225234217-098045d5e61f to 0.20.6 (#1714)
* build(deps): bump chainguard.dev/sdk from 0.1.31 to 0.1.34
(#1699)
* build(deps): bump github/codeql-action from 3.29.1 to 3.29.2
(#1732)
* build(deps): bump chainguard-dev/actions from 1.4.2 to 1.4.3
(#1733)
* build(deps): bump step-security/harden-runner from 2.12.1 to
2.12.2 (#1734)
-------------------------------------------------------------------
Tue Jul 01 10:06:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.29.0:
* Lazily compress layers, maintain diffID -> digest cache (#1735)
-------------------------------------------------------------------
Mon Jun 30 13:34:41 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.28.0:
* build(deps): bump google.golang.org/api from 0.238.0 to 0.239.0
(#1726)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.36.0 to
1.37.0 (#1728)
* build(deps): bump github/codeql-action from 3.29.0 to 3.29.1
(#1730)
* fix(pkg/lock): Arch2LockedPackages produces empty/broken APK
world files (#1731)
* build(deps): bump github.com/hashicorp/go-retryablehttp from
0.7.7 to 0.7.8 (#1725)
* build(deps): bump google.golang.org/api from 0.231.0 to 0.238.0
(#1718)
* build(deps): bump chainguard-dev/actions from 1.4.1 to 1.4.2
(#1724)
* build(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to
5.16.2 (#1708)
* build(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.1
(#1723)
* build(deps): bump go.step.sm/crypto from 0.60.0 to 0.67.0
(#1722)
* sbom: export ParseReleaseData for external use (#1721)
* build(deps): bump chainguard-dev/actions from 1.3.0 to 1.4.1
(#1719)
* build(deps): bump chainguard-dev/actions from 1.2.1 to 1.3.0
(#1717)
* Document how layering works (#1703)
* build(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0
(#1716)
* CONTRIBUTING.md: website link for golangci-lint has moved
(#1608)
* build(deps): bump chainguard-dev/actions from 1.1.3 to 1.2.1
(#1715)
* dot: switch from open-golang to pkg/browser (#1713)
* build(deps): bump github/codeql-action from 3.28.17 to 3.29.0
(#1709)
* build(deps): bump step-security/harden-runner from 2.11.1 to
2.12.1 (#1710)
* add pkg/version to report Apko dep version (#1698)
* build(deps): bump chainguard-dev/actions from 1.1.1 to 1.1.3
(#1707)
* Upgrade go-containerregistry (#1659)
* Retract v0.27.8 (#1694)
-------------------------------------------------------------------
Sat May 31 06:27:17 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.9 (0.27.8 was yanked):
* Add an OperatingSystem package to our image SBOMs (#1690)
* build(deps): bump chainguard-dev/actions from 1.1.0 to 1.1.1
(#1688)
* build(deps): bump chainguard-dev/actions from 1.0.8 to 1.1.0
(#1687)
* Add support for the =~ constraint (#1681)
-------------------------------------------------------------------
Thu May 22 04:37:55 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.7:
* improve error messages in expandApk (#1675)
* [StepSecurity] Apply security best practices (#1674)
* sbom: resolve issues with missing/invalid image SBOM
information (#1672)
-------------------------------------------------------------------
Tue May 13 04:29:43 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.6:
* lock: fix up filter for wanted arches (#1670)
* ldsocache snapshot/20250507 (#1665)
-------------------------------------------------------------------
Mon May 12 19:02:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.5:
* build(deps): bump github.com/charmbracelet/log from 0.4.1 to
0.4.2 (#1669)
* Respect arch flags when using lockfiles (#1664)
-------------------------------------------------------------------
Fri May 09 05:20:49 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.4:
* Guard against empty inputs list in unify() (#1668)
* build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (#1666)
* Remove link to "support" (#1662)
-------------------------------------------------------------------
Wed May 07 18:52:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.3:
* Fix build_repositories for layered images (#1663)
* README: fix url typo (#1661)
* build(deps): bump golang.org/x/sys from 0.32.0 to 0.33.0
(#1655)
* build(deps): bump google.golang.org/api from 0.229.0 to 0.231.0
(#1647)
* build(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0
(#1656)
* build(deps): bump github.com/go-git/go-git/v5 from 5.14.0 to
5.16.0 (#1626)
* build(deps): bump sigstore/cosign-installer from 3.8.1 to 3.8.2
(#1639)
* build(deps): bump github/codeql-action from 3.28.14 to 3.28.17
(#1652)
* build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0
(#1657)
-------------------------------------------------------------------
Tue May 06 04:35:14 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.2:
* Make apko hermetic again. (#1654)
* usrmerge: apko needs to create apk dirs in /usr/lib instead of
/lib (#1593)
* auth: Add oauth2.TokenSource auth provider (#1651)
* Use maps and slices from stdlib (#1646)
* Drop cosign dep (#1645)
-------------------------------------------------------------------
Tue Apr 29 05:55:15 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.1:
* Allow an empty layering object for legacy behavior (#1643)
* apk: expose ParsedConstraint version (#1640)
-------------------------------------------------------------------
Thu Apr 24 15:31:31 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.27.0:
* Potentially Breaking
Since we now populate etc/ld.so.cache, we expect content to
change from the previous release, and it's possible that this
will have observable effects (positive, we hope) on the images
at runtime.
* What's Changed
- generate /etc/ld.so.cache by @dannf in #1629
- Drop experimental tag from layering by @jonjohnsonjr in #1635
- Apko 0.26.0 regression: Build with base stopped working. by
@sfc-gh-ptabor in #1633
- Apko keyrings to recognize key suffixes when lost during
fetch: by @sfc-gh-ptabor in #1630
- ldso-cache: Fix small nits by @jonjohnsonjr in #1634
-------------------------------------------------------------------
Sat Apr 19 15:36:51 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.26.1:
* apk cache: ignore error on cache tmpfile chmod (#1631)
-------------------------------------------------------------------
Wed Apr 16 15:36:17 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.26.0:
This release is a minor bump to signal that some potentially (and
if so, unintentional) breaking changes around so: providers and
PATH.
This release also introduces experimental support for an opt-in
layering field that does automatic layering of packages based on
some heuristics, with the goal of reducing waste by deduplicating
contents between image builds.
* What's Changed
- version.go: Ignore soname-versioned provides/depends for
shlibs by @sergiodj in #1619
- Implement generic layering by @jonjohnsonjr in #1617
- Update default PATH to support sbin-merge by @xnox in #1620
- Do not retry with jitter when discoveringKeys in offline
mode. by @sfc-gh-ptabor in #1610
- CacheDir support for apko lock by @sfc-gh-ptabor in #1612
- Fix reproducibility test digest by @jonjohnsonjr in #1622
- build(deps): bump google.golang.org/api from 0.228.0 to
0.229.0 by @dependabot in #1623
- layering: Synthesize directory timestamps by @jonjohnsonjr in
#1624
-------------------------------------------------------------------
Mon Apr 14 07:48:47 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.25.7:
* apk: fix cached APKINDEX to be world readable (#1621)
* Use a lazy layerWriter for writing tar files (#1616)
* Rewrite writeTar in terms of iterators (#1615)
* For multi-layer images, include all layers (#1611)
* Consider deps resolved if other resolved deps already provide
them (#1606)
* refactor: slim down interface requirements for fetching
packages (#1614)
* Drop pkg/apk/tarball (#1613)
* Un-abstract the tarball package (#1609)
* Pass through ReadAt to tarfs (#1607)
* build(deps): bump go.step.sm/crypto from 0.59.1 to 0.60.0
(#1592)
* build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
(#1601)
* build(deps): bump google.golang.org/api from 0.225.0 to 0.228.0
(#1591)
* build(deps): bump sigs.k8s.io/release-utils from 0.11.0 to
0.11.1 (#1594)
* build(deps): bump goreleaser/goreleaser-action from 6.2.1 to
6.3.0 (#1597)
* build(deps): bump step-security/harden-runner from 2.11.0 to
2.11.1 (#1599)
* build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0
(#1602)
* build(deps): bump github/codeql-action from 3.27.9 to 3.28.14
(#1603)
-------------------------------------------------------------------
Tue Apr 01 17:31:27 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 0.25.6:
* paths: prefer to use relative paths (#1598)
* fix(tar): make writeTar reproducible for apko (#1595)
* Make mechanical changes to allow multiple layers (#1589)
* build.go: Export APK from build context (#1587)
* Cache DiscoverKeys calls via the shared cache (#1583)
* [StepSecurity] ci: Harden GitHub Actions (#1581)
* build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#1577)
-------------------------------------------------------------------
Thu Mar 20 05:49:15 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.5:
* returns structured errors when origins conflict (#1578)
* build(deps): bump golangci/golangci-lint-action from 6.5.1 to
6.5.2 (#1575)
-------------------------------------------------------------------
Fri Mar 14 06:28:53 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.4:
* build(deps): bump golangci/golangci-lint-action from 6.5.0 to
6.5.1 (#1571)
* Preserve symlinks in DirFS (#1570)
* build(deps): bump go.step.sm/crypto from 0.57.1 to 0.59.1
(#1559)
* build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3
(#1566)
* build(deps): bump github.com/charmbracelet/log from 0.4.0 to
0.4.1 (#1569)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.34.0 to
1.35.0 (#1562)
* build(deps): bump google.golang.org/api from 0.223.0 to 0.225.0
(#1567)
-------------------------------------------------------------------
Thu Mar 13 05:53:15 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.3:
* Use sync.Pools for allocations (#1568)
* Add SubFS implementation for Melange (#1560)
-------------------------------------------------------------------
Mon Mar 10 12:43:48 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.2:
* apko: make apk cache safer for multi-writers (#1564)
* build(deps): bump docker/setup-qemu-action from 3.5.0 to 3.6.0
(#1552)
* build(deps): bump github.com/chainguard-dev/clog from 1.6.1 to
1.7.0 (#1555)
* spdx: add attributionText field (#1554)
* dot: Do a slightly better job (#1553)
* apk/signature: remove support for creating new SHA1 signatures
(#1496)
* build(deps): bump google.golang.org/api from 0.222.0 to 0.223.0
(#1545)
* build(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to
5.14.0 (#1548)
* build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to
3.0.4 in the go_modules group (#1547)
* build(deps): bump docker/setup-qemu-action from 3.4.0 to 3.5.0
(#1549)
* Make LockImageConfiguration incorporate options (#1540)
* build(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
(#1537)
* build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
(#1542)
* build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to
4.0.5 in the go_modules group (#1539)
* build(deps): bump golangci/golangci-lint-action from 6.3.2 to
6.5.0 (#1532)
* build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2
(#1527)
* build(deps): bump github.com/klauspost/compress from 1.17.11 to
1.18.0 (#1536)
* build(deps): bump github.com/sigstore/cosign/v2 from 2.4.2 to
2.4.3 (#1535)
* build(deps): bump google.golang.org/api from 0.220.0 to 0.222.0
(#1534)
* build(deps): bump step-security/harden-runner from 2.10.4 to
2.11.0 (#1533)
* build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
(#1531)
-------------------------------------------------------------------
Sun Feb 16 08:52:28 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.1:
* Improve conflict error (#1529)
-------------------------------------------------------------------
Thu Feb 13 06:17:28 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.25.0:
* spdx: explain SHA1 usage (#1501)
* Consider already selected packages during solve (#1406)
* build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to
5.13.2 (#1491)
* build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
(#1511)
* build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
(#1510)
* build(deps): bump github.com/chainguard-dev/clog from 1.5.1 to
1.6.1 (#1500)
* move some unnecessary logs to debug (#1522)
* build(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
(#1509)
* build(deps): bump go.step.sm/crypto from 0.57.0 to 0.57.1
(#1504)
* build(deps): bump chainguard.dev/sdk from 0.1.29 to 0.1.31
(#1498)
* build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0
(#1515)
* build(deps): bump github.com/sigstore/cosign/v2 from 2.4.1 to
2.4.2 (#1517)
* build(deps): bump golangci/golangci-lint-action from 6.3.0 to
6.3.2 (#1521)
* clean up ci permissions and update golangci-lint (#1523)
* build(deps): bump goreleaser/goreleaser-action from 6.1.0 to
6.2.1 (#1520)
* build(deps): bump google.golang.org/api from 0.217.0 to 0.220.0
(#1514)
* build(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
(#1513)
* build(deps): bump golangci/golangci-lint-action from 6.2.0 to
6.3.0 (#1512)
-------------------------------------------------------------------
Fri Jan 31 05:36:31 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.24.0:
* Allow passing in an http.RoundTripper (#1505)
* fix(apk/client): silence request logging (#1497)
* Return an if fetching index fails (#1495)
* Disallow '/' in key name (#1494)
* Revert "Disallow `/` in key names" (#1493)
* Disallow `/` in key names
-------------------------------------------------------------------
Thu Jan 23 06:07:29 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.23.0:
* fix multi key support in APKINDEX verification (#1490)
-------------------------------------------------------------------
Wed Jan 22 05:58:48 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.7:
* Guard against os-release panic (#1488)
* build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#1487)
* build(deps): bump google.golang.org/api from 0.216.0 to 0.217.0
(#1480)
* build(deps): bump go.opentelemetry.io/otel from 1.33.0 to
1.34.0 (#1486)
* build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1
(#1482)
* build(deps): bump go.step.sm/crypto from 0.56.0 to 0.57.0
(#1479)
* build(deps): bump step-security/harden-runner from 2.10.3 to
2.10.4 (#1484)
* build(deps): bump github.com/google/go-containerregistry from
0.20.2 to 0.20.3 (#1481)
* build(deps): bump golangci/golangci-lint-action from 6.1.1 to
6.2.0 (#1483)
* Fix package name handling to retain version and strip @
suffix (#1472)
* build(deps): bump google.golang.org/api from 0.215.0 to 0.216.0
(#1473)
* build(deps): bump step-security/harden-runner from 2.10.2 to
2.10.3 (#1476)
* Improve error graph for failed solve (#1474)
-------------------------------------------------------------------
Thu Jan 09 06:40:49 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.6:
* Base32-encode etag values (#1470)
* build(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0
(#1469)
* Add the extra flags to `build-minirootfs` (#1467)
* Fix logging output of user.GID (#1466)
* build(deps): bump google.golang.org/api from 0.214.0 to 0.215.0
(#1465)
-------------------------------------------------------------------
Tue Jan 07 08:04:31 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.5:
* Return err if locking fails (#1464)
* build(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to
5.13.1 (#1461)
* build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
(#1463)
* build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#1462)
* build(deps): bump github.com/invopop/jsonschema from 0.12.0 to
0.13.0 (#1460)
* build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
5.13.0 (#1458)
* build(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0
(#1459)
* build(deps): bump chainguard.dev/sdk from 0.1.28 to 0.1.29
(#1428)
-------------------------------------------------------------------
Sat Dec 21 14:18:05 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.4:
* Mark base image as experimental (#1453)
* build(deps): bump go.step.sm/crypto from 0.55.0 to 0.56.0
* (#1451) build(deps): bump google.golang.org/api from 0.213.0 to
* 0.214.0 (#1452)
-------------------------------------------------------------------
Fri Dec 20 05:52:08 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.3:
* Make GID its own type to prevent defaulting to 0 (#1449)
* Create codeql.yml (#1439)
* build(deps): bump google.golang.org/api from 0.211.0 to 0.213.0
(#1446)
* Add a unit test for the sort ordering change. (#1444)
* Add an explicit sort to squash diffs. (#1443)
-------------------------------------------------------------------
Sat Dec 14 21:34:51 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.2:
* Lock image configs before building (#1441)
-------------------------------------------------------------------
Sat Dec 14 21:32:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.1:
* pkg/apk: switch to SHA2-256 based signatures by default (#1440)
-------------------------------------------------------------------
Sat Dec 14 21:15:16 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.22.0:
* pkg/apk: switch to SHA2-256 based signatures by default
* Include /opt by default (#1435)
* build(deps): bump go.opentelemetry.io/otel from 1.32.0 to
1.33.0 (#1437)
* build(deps): bump github/codeql-action from 3.27.7 to 3.27.9
(#1438)
* build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.32.0
(#1434)
* build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in
the go_modules group (#1433)
* build(deps): bump actions/setup-go from 5.0.2 to 5.2.0 (#1431)
* build(deps): bump google.golang.org/api from 0.209.0 to 0.211.0
(#1429)
-------------------------------------------------------------------
Thu Dec 12 05:54:50 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.21.0:
* Make LockImageConfiguration multi-arch aware (#1432)
-------------------------------------------------------------------
Wed Dec 11 07:01:11 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.20.2:
* Ignore scripts that aren't executable (#1427)
* build(deps): bump github/codeql-action from 3.27.6 to 3.27.7
(#1426)
* use retryablehttp in DiscoverKeys and pkg/apk (#1398)
* build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0
(#1422)
* build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
(#1421)
* build(deps): bump go.step.sm/crypto from 0.54.2 to 0.55.0
(#1419)
* build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
(#1420)
* build(deps): bump github.com/chainguard-dev/clog from
1.5.1-0.20240811185937-4c523ae4593f to 1.5.1 (#1418)
* build(deps): bump github.com/stretchr/testify from 1.9.0 to
1.10.0 (#1417)
* build(deps): bump google.golang.org/api from 0.207.0 to 0.209.0
(#1414)
* Drop tests that are failing (#1416)
* fix(spdx): more helpful error message on license merge (#1413)
* build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3
(#1411)
-------------------------------------------------------------------
Thu Nov 21 07:50:29 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.20.1:
* fix: Allow accounts to belong to GID 0 (#1407)
* build(deps): bump github/codeql-action from 3.27.4 to 3.27.5
(#1410)
* build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0
(#1409)
* build(deps): bump step-security/harden-runner from 2.10.1 to
2.10.2 (#1408)
* build(deps): bump google.golang.org/api from 0.205.0 to 0.206.0
(#1405)
-------------------------------------------------------------------
Fri Nov 15 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.20.0:
* Pass errors up the stack in CalculateWorld and InstallPackages
(#1404)
* build(deps): bump github/codeql-action from 3.27.2 to 3.27.4
(#1403)
* build(deps): bump go.step.sm/crypto from 0.54.0 to 0.54.2
(#1402)
* build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#1389)
* build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
(#1390)
* build(deps): bump github/codeql-action from 3.27.1 to 3.27.2
(#1400)
* build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
(#1395)
* build(deps): bump go.opentelemetry.io/otel from 1.31.0 to
1.32.0 (#1396)
* build(deps): bump google.golang.org/api from 0.204.0 to 0.205.0
(#1388)
* build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#1391)
* Add support for extras in `build-cpio` (#1394)
* build(deps): bump goreleaser/goreleaser-action from 6.0.0 to
6.1.0 (#1392)
* Record the `apko.json` file used to produce this image. (#1353)
* docs(apk): document apkindex methods (#1393)
-------------------------------------------------------------------
Tue Nov 12 07:33:59 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.9:
* fix: --cache-dir broken after in 0.19.3+ (#1382)
* fix: ensure cacheTransport returns an error for non-200
responses (#1381)
* Attempt to flush renamed files in cache (#1387)
-------------------------------------------------------------------
Tue Nov 05 09:44:20 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.8:
* build(deps): bump google.golang.org/api from 0.203.0 to 0.204.0
(#1384)
* Re-instantiate each APK's tarfs after caching (#1383)
-------------------------------------------------------------------
Thu Oct 31 20:05:38 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.7:
* Drop errgroup.WithContext and add withCause (#1380)
* Allow multiauthenticator to try all authenticators (#1379)
-------------------------------------------------------------------
Wed Oct 30 08:08:58 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.6:
* MergeInto should include Volumes (#1376)
-------------------------------------------------------------------
Tue Oct 29 13:58:07 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.5:
* rsa: remove backwards compat APIs (#1307)
* fix bug with triggers encoded in triggers file (#1358)
-------------------------------------------------------------------
Sat Oct 26 08:22:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.4:
* Make MergeInto threadsafe (#1374)
* set downloadLocation to NOASSERTION when apk.URL is unset
(#1372)
* fix concurrent annotation map update (#1370)
* fix data race in index cache (#1369)
-------------------------------------------------------------------
Fri Oct 25 12:12:31 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.3:
* build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2
(#1363)
* build(deps): bump github/codeql-action from 3.26.13 to 3.27.0
(#1356)
* build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#1355)
* build(deps): bump google.golang.org/api from 0.201.0 to 0.203.0
(#1362)
* Avoid race when mutating annotations (#1368)
* Stop using real headers for side channels (#1367)
* fix(sbom): deduplicate SBOM packages by ID (#1366)
* allow key lookups for http (#1365)
* SBOM test cleanup (#1361)
* don't attempt to discover chainguard keys for local file paths
(#1360)
* Work around sendfile bug (#1359)
* Preserve APK timestamps when using dirfs (#1352)
* build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28
(#1351)
* build(deps): bump github.com/klauspost/compress from 1.17.10 to
1.17.11 (#1343)
* build(deps): bump go.opentelemetry.io/otel from 1.30.0 to
1.31.0 (#1346)
* build(deps): bump github/codeql-action from 3.26.12 to 3.26.13
(#1344)
* build(deps): bump chainguard.dev/sdk from 0.1.26 to 0.1.27
(#1347)
* build(deps): bump google.golang.org/api from 0.199.0 to 0.201.0
(#1348)
* build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#1340)
* build(deps): bump github/codeql-action from 3.26.11 to 3.26.12
(#1339)
* build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0
(#1338)
* build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0
(#1335)
* build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#1336)
* Update go to 1.23.2 and golangci-lint (#1334)
* build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to
2.4.1 (#1331)
* build(deps): bump chainguard.dev/sdk from 0.1.25 to 0.1.26
(#1328)
* build(deps): bump golangci/golangci-lint-action from 6.1.0 to
6.1.1 (#1329)
* build(deps): bump github/codeql-action from 3.26.10 to 3.26.11
(#1332)
* build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
(#1333)
* Make etag checks optional (#1327)
* don't attempt to discover keys for file path repos (#1326)
* cleanup: remove Lima documentation (#1325)
* use slog default logger for CG auth exchange (#1324)
* Drop a period from a command's help (#1312)
* build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0
(#1322)
* build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0
(#1320)
* build(deps): bump github/codeql-action from 3.26.9 to 3.26.10
(#1323)
* fix(ci): mark GitHub releases as latest from prerelease (#1277)
* Fail if APKINDEX has single-character lines (#1321)
* build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#1319)
* build(deps): bump github.com/klauspost/compress from 1.17.9 to
1.17.10 (#1315)
* build(deps): bump github/codeql-action from 3.26.8 to 3.26.9
(#1318)
* Cache some more expensive operations (#1317)
* set OCI created annotation (#1316)
* cg auth: fix sometimes (#1314)
-------------------------------------------------------------------
Sat Sep 21 17:09:02 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.2:
* set audience correctly, no https (#1313)
* point to the apk.cgr.dev repo urls (#1311)
-------------------------------------------------------------------
Sat Sep 21 17:06:46 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.1:
* Restore SourceDateEpoch in tarball for melange (#1310)
* build(deps): bump google.golang.org/api from 0.197.0 to 0.198.0
(#1309)
* build(deps): bump github/codeql-action from 3.26.7 to 3.26.8
(#1308)
-------------------------------------------------------------------
Sat Sep 21 17:04:01 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.19.0:
* Keep apk modtime (#1305)
* Delete a bunch of dead code (#1306)
* build(deps): bump chainguard.dev/sdk from 0.1.24 to 0.1.25
(#1301)
-------------------------------------------------------------------
Sat Sep 14 10:35:39 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- BuildRequire go1.23 to fix builds on Leap 16.0
-------------------------------------------------------------------
Sat Sep 14 10:19:09 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.18.1:
* build(deps): bump k8s.io/apimachinery from 0.31.0 to 0.31.1
(#1302)
* build(deps): bump github/codeql-action from 3.26.6 to 3.26.7
(#1304)
* build(deps): bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5
(#1300)
* Keep standalone DiscoverKeys function (#1303)
-------------------------------------------------------------------
Sat Sep 14 10:11:56 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.18.0:
* build(deps): bump google.golang.org/api from 0.196.0 to 0.197.0
(#1298)
* build(deps): bump go.opentelemetry.io/otel from 1.29.0 to
1.30.0 (#1297)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.29.0 to
1.30.0 (#1299)
* build(deps): bump go.step.sm/crypto from 0.51.2 to 0.52.0
(#1296)
* build(deps): bump step-security/harden-runner from 2.9.1 to
2.10.1 (#1295)
* rsa256 (#1256)
* build(deps): bump go.step.sm/crypto from 0.51.1 to 0.51.2
(#1292)
* Add LoongArch architecture definition (#1275)
* build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0
(#1293)
* build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0
(#1294)
* build(deps): bump github/codeql-action from 3.26.5 to 3.26.6
(#1291)
* auth: attempt CG auth if envs are configured (#1279)
* build(deps): bump chainguard.dev/sdk from 0.1.23 to 0.1.24
(#1289)
* build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0
(#1290)
* upgrade to golang 1.23 (#1278)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to
1.29.0 (#1286)
* build(deps): bump github/codeql-action from 3.26.4 to 3.26.5
(#1288)
* build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0
(#1285)
* codeql needs security-events: write (#1281)
* build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0
(#1282)
* build(deps): bump github/codeql-action from 3.26.3 to 3.26.4
(#1283)
* new command: `install-keys` (#1227)
* build(deps): bump github/codeql-action from 3.26.2 to 3.26.3
(#1280)
* Wire up chainctl stderr to os.Stderr (#1274)
* Expose DiscoverKeys (#1273)
* build(deps): bump github/codeql-action from 3.26.1 to 3.26.2
(#1271)
* Expose type of DefaultAuthenticators (#1272)
* build(deps): bump github/codeql-action from 3.26.0 to 3.26.1
(#1266)
* build(deps): bump k8s.io/apimachinery from 0.30.3 to 0.31.0
(#1267)
* build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0
(#1268)
* Revert "drop dependency on go.lsp.dev/uri" (#1262)
* drop dependency on go.lsp.dev/uri (#1259)
* remove custom log package, charm supports it now (#1257)
* drop dependency on heredoc (#1258)
* Bust global caches by default in index tests (#1255)
* build(deps): bump github.com/chainguard-dev/clog from 1.4.0 to
1.5.0 (#1254)
* build(deps): bump chainguard.dev/sdk from 0.1.22 to 0.1.23
(#1251)
* build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0
(#1252)
* build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
(#1250)
* build(deps): bump github.com/sigstore/cosign/v2 from 2.3.0 to
2.4.0 (#1245)
* build(deps): bump github.com/docker/docker from
26.1.4+incompatible to 26.1.5+incompatible in the go_modules
group (#1253)
* build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0
(#1249)
* build(deps): bump github/codeql-action from 3.25.15 to 3.26.0
(#1247)
* build(deps): bump github.com/google/go-containerregistry from
0.20.1 to 0.20.2 (#1246)
* auth: Set username to "user" (#1244)
* build(deps): bump step-security/harden-runner from 2.9.0 to
2.9.1 (#1243)
* set basic chainguard auth (#1242)
* build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 (#1239)
* build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#1240)
* auth: Wrap errors (#1241)
* build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
(#1238)
* build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0
(#1237)
* build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0
(#1235)
* build(deps): bump chainguard.dev/sdk from 0.1.21 to 0.1.22
(#1236)
* allow APK auth using assumable identity (#1230)
* build(deps): bump golangci/golangci-lint-action from 6.0.1 to
6.1.0 (#1233)
* build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to
4.0.4 (#1229)
* build(deps): bump github.com/docker/docker from
24.0.9+incompatible to 26.1.4+incompatible in the go_modules
group (#1232)
* Canonicalize the architecture. (#1231)
* use retryable http client by default (#1228)
* Fix replacing symlinks (#1225)
* Merge architectures (#1226)
* Migrate the configuration locking to `apko`. (#1222)
* build(deps): bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4
(#1220)
* build(deps): bump github/codeql-action from 3.25.13 to 3.25.15
(#1221)
* Create a command similar to `build-minirootfs` for CPIO (#1177)
* build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to
4.0.3 (#1217)
-------------------------------------------------------------------
Thu Jul 25 05:01:50 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.17.0:
* begin a new APK client (#1218)
* remove the concept of Assertions (#1214)
* Implement client-side APK discovery in `apko` (#1216)
* copy annotations to config labels (#1215)
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to
2.3.0 (#1213)
* build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0
(#1211)
* build(deps): bump github/codeql-action from 3.25.12 to 3.25.13
(#1212)
* build(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3
(#1209)
* build(deps): bump github/codeql-action from 3.25.11 to 3.25.12
(#1203)
* build(deps): bump step-security/harden-runner from 2.8.1 to
2.9.0 (#1210)
* build(deps): bump github.com/google/go-containerregistry from
0.20.0 to 0.20.1 (#1208)
* build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1200)
* Remove labels from names and URLs in lockfile (#1163)
* Add `MergeInto` for combining `ImageConfiguration`s (#1206)
* Have the Authenticator support returning errors (#1205)
* Simplify s6 stuff further (#1204)
* Faster NewPkgResolver and GetRepositoryIndexes (#1202)
* Add build.MultiArch.BuildPackageLists (#1201)
* build(deps): bump github.com/google/go-containerregistry from
0.19.2 to 0.20.0 (#1199)
* build(deps): bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3
(#1197)
* fix
* cleanup
* checkout first
* tidy
* index throws nil pointer when no auth set
* build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0
* tests are broken due to incosnsistency package version of
openssl(riscv64) on alpine
* remove more unknown stuff from example, log more
* fail on unknown fields, remove os-release from alpine-slim
* set unknown version ID too
* remove more cruft
* move os-release stuff into pkg/build/sbom.go, unexport
* remove the example
* remove remote include feature
* remove os-release from apko config
* Simplify the resolution logic to use `expandapk.Split` (#1186)
* build(deps): bump go.opentelemetry.io/otel/trace from 1.27.0 to
1.28.0
* build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0
* build(deps): bump github/codeql-action from 3.25.10 to 3.25.11
-------------------------------------------------------------------
Wed Jul 03 19:07:59 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.16.0:
* Fix typo in DefaultAuthenticators
* Don't mutate accounts if base image is set
* accept other apk hosts via env, use rate.Sometimes
* fix unit tests, add StaticAuth
* add TODO
* auth: refactor into Authenticator interface
* Make solving multi-architecture aware
* Refactor into build.Multi, no behavior change
* Expose ignoreSignatures functionality to CLI and library
consumers
* build(deps): bump github.com/chainguard-dev/clog from 1.3.1 to
1.4.0
* example(go): golang example with wolfi base
* build(deps): bump github.com/google/go-containerregistry
-------------------------------------------------------------------
Wed Jun 19 05:11:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.15.0:
* Skip over "." when creating directories
* build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
* Plumb through the notion of build-time repositories.
* whoops
* remove --log-policy flag
* build(deps): bump actions/checkout from 4.1.6 to 4.1.7
* build(deps): bump github/codeql-action from 3.25.8 to 3.25.10
* build(deps): bump k8s.io/apimachinery from 0.29.2 to 0.30.2
* build(deps): bump imjasonh/setup-crane from 0.3 to 0.4
* build(deps): bump github.com/klauspost/compress from 1.17.8 to
1.17.9
* Add note about --repository-append
* Add include-paths to build and lock
* build(deps): bump step-security/harden-runner from 2.8.0 to
2.8.1
-------------------------------------------------------------------
Wed Jun 12 13:34:40 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.9:
* remove all SBOM formats except SPDX
* fix: Add lockfile option to publish command
-------------------------------------------------------------------
Fri Jun 07 19:38:30 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.8:
* Add expandapk.Split and use it
* Fix some lints carried over from go-apk
* update go-apk
* undo diff-causing change
* get outta here submodule
* rm pkg/apk
* go mod tidy
* go away
* goimports -local to make linter a little happier
* WIP: unsplit go-apk
* change deprecated flags
* build(deps): bump goreleaser/goreleaser-action from 5.1.0 to
6.0.0
* build(deps): bump github/codeql-action from 3.25.7 to 3.25.8
* add test that images with old packages can build
* build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0
* appease linter
* fix tests
* use latest go-apk
* enable per-host auth
-------------------------------------------------------------------
Sat Jun 01 09:23:29 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.7:
* ensure homedir respects non-defaults
* build(deps): bump github/codeql-action from 3.25.6 to 3.25.7
-------------------------------------------------------------------
Sat Jun 01 09:10:13 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.6:
* plumb through HomeDir as optional build configuration
* Pull in the auth fix in go-apk (#1145)
* Update internal/cli/build.go
* Update internal/cli/publish.go
* This fixes the boolean logic to pass auth.
* go mod tidy
* support basic HTTP auth
-------------------------------------------------------------------
Thu May 30 08:59:06 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.5:
* fix: redact URLs in config marshaling
* bump go-apk
-------------------------------------------------------------------
Thu May 30 08:52:10 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.4:
* go mod tidy
* bump go-apk
-------------------------------------------------------------------
Sat May 25 15:08:37 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.3:
* spdx: fixup PackageVerificationCode setting
* spdx: fixup filesAnalyzed setting
* spdx: backpopulate supplier & originator for packages
* spdx: Add test case of merging pkg SBOM without supplier
* spdx: rename expected.spdx.json ahead of more tests
-------------------------------------------------------------------
Thu May 23 19:46:28 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.2:
* spdx: Add test of SBOM of packages with custom licenses
* updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor ...
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor ...
* sbom: fixup merging LicensingInfos during Image SBOM generation
* build(deps): bump github/codeql-action from 3.25.4 to 3.25.6
* build(deps): bump actions/checkout from 4.1.5 to 4.1.6
* build(deps): bump github.com/package-url/packageurl-go
* gofmt
* Fix capitalisation style
* spdx: allow specifying custom license
* Bump go-apk
* Bump go-apk to pick up conflict fix
* build(deps): bump goreleaser/goreleaser-action from 5.0.0 to
5.1.0
* Bump go-apk
* linter
* Fix duplicates when overlaying the config with config with no
contents
* build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2
* build(deps): bump golangci/golangci-lint-action from 5.1.0 to
6.0.1
* build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
* build(deps): bump actions/checkout from 4.1.4 to 4.1.5
* build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0
-------------------------------------------------------------------
Thu May 09 15:48:25 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.1:
* default supplier to Chainguard
* fix: remove default supplier for index SBOMs
* build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
* build(deps): bump step-security/harden-runner from 2.7.0 to
2.7.1
* build(deps): bump golangci/golangci-lint-action from 5.0.0 to
5.1.0
* build(deps): bump github/codeql-action from 3.25.2 to 3.25.3
* build(deps): bump go.opentelemetry.io/otel from 1.25.0 to
1.26.0
* build(deps): bump golangci/golangci-lint-action from 4.0.0 to
5.0.0
* build(deps): bump actions/checkout from 4.1.3 to 4.1.4
* build(deps): bump github/codeql-action from 3.25.1 to 3.25.2
* build(deps): bump actions/checkout from 4.1.2 to 4.1.3
* Parse apkindex only once during initialization
* Comment fix
* Refresh make generate
* feat(user): Allow overriding the default shell
* Update sbom-aarch64.spdx.json
* spdx: remove more mentions of files
* build(deps): bump golang.org/x/net in the go_modules group
* Run build script for apko examples if such exists
* Prepare the script to be run as part of github workflow
* Fix golangci-lint
* build(deps): bump github/codeql-action from 3.25.0 to 3.25.1
* build(deps): bump github/codeql-action from 3.24.10 to 3.25.0
* Add example for building on top of base
* Update pkg/build/types/image_configuration.go
* Update internal/cli/build.go
* Address part of the comments from review round 1
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to
2.2.4
* build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0
* Improve getImageForArch - nested index support and lookup of
arch in config
* Build and lock support for base image
* Build and lock support for base image
* Build and lock support for base image
* build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0
* build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
* build(deps): bump github/codeql-action from 3.24.9 to 3.24.10
* build(deps): bump go.opentelemetry.io/otel from 1.24.0 to
1.25.0
* build(deps): bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1
* build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0
* build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to
5.12.0
* Add testdata for apko on top of base image
* build(deps): bump github/codeql-action from 3.24.8 to 3.24.9
* build(deps): bump github.com/charmbracelet/log
* more tests
* fix golden tests
* fix test
* try to fix this test
* ignore Files when generating SBOMs
* build(deps): bump github.com/docker/docker
* build(deps): bump github/codeql-action from 3.24.7 to 3.24.8
* build(deps): bump github.com/google/go-containerregistry
* Add more spans around potentially slow ops
* build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
* Add Harden Runner audit configs
* build(deps): bump actions/checkout from 4.1.1 to 4.1.2
* build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.29.2
* Bump go-apk
* build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to
2.6.3
* build(deps): bump github.com/stretchr/testify from 1.8.4 to
1.9.0
* build(deps): bump github/codeql-action from 3.24.5 to 3.24.6
* Bump go-apk
* build(deps): bump go.opentelemetry.io/otel from 1.22.0 to
1.24.0
* build(deps): bump github/codeql-action from 3.23.2 to 3.24.5
* Store checksum of apko-config in the lock-file to detect
changes in origin.
* Drop creating group log
* Allow apko dot to be cancelled
* build(deps): bump golangci/golangci-lint-action from 3.7.0 to
4.0.0
* Make sure we clean up after ourselves
* Preserve APK hardlinks
* build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
* build(deps): bump github.com/chainguard-dev/clog from 1.3.0 to
1.3.1
* go mod tidy
* fix repro test
* pick up go-apk changes
* move some logs to debug, avoid duplicate work/logs
* Cancel context on interrupt signal
* go mod tidy
* use charmlog @ head to get levels"
* support log-level flag
* Plumb ctx through daemon package
* use charm logger
* build(deps): bump github.com/chainguard-dev/clog
* build(deps): bump github.com/google/go-containerregistry
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.1 to
2.2.3
* build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0
* Make apko dot show errors
* build(deps): bump github/codeql-action from 2.22.6 to 3.23.2
* build(deps): bump actions/setup-go from 4.1.0 to 5.0.0
-------------------------------------------------------------------
Wed Jan 31 14:20:12 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.14.0:
* Bump go-apk to pick up new solver behavior
* Plumb offline flags around more
* Audit workflow permissions (#1017)
* Add test and trailing new line to `apko.lock.json` files.
* simplify logging to use slog
* remove unused MarkDeprecated
* remove unused AdditionalTags method
* drop deprecated options field
-------------------------------------------------------------------
Mon Jan 15 20:42:20 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.13.3:
* build(deps): bump github.com/cloudflare/circl from 1.3.5 to
1.3.7
* Return better error messages for missing config
* Drop multierror for errgroup
-------------------------------------------------------------------
Sun Jan 07 18:12:07 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.13.2:
* build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to
5.11.0
-------------------------------------------------------------------
Sun Jan 07 18:10:34 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.13.1:
* Strip leading slash before sbom ownership check
-------------------------------------------------------------------
Sun Jan 07 18:09:12 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 0.13.0:
* Update NEWS.md for v0.13.0
* Use idb to drive sbom file inclusion
* Add golden tests
* Change testdata to be a bit smaller
* Fix duplicate IDB entries
* build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0
* Update lock.go
* Make sure list of 'repositories' in the 'resolved.json.file' is
complete.
* Again we were not doing post-actions.
* Fixing Lint errors.
* Rename --resolved-file to --lockfile (all over the place).
* Integrate apko with InstallPackages api in go-apk. Support
locked build with --resolved-file.
* Improve the architecture handling.
* Apko interpeting resolved (lock) file: Prototype 1.
* Ensure jsonschema is kept up to date.
-------------------------------------------------------------------
Thu Nov 30 09:08:12 UTC 2023 - kastl@b1-systems.de
- Update to version 0.12.0:
* Update NEWS.md for 0.12.0
* Allow existing packages to replace installed pkg
* Fix packages with multiple Replaces
* Add binary to generate json schema.
* review feedback
* fix and continuously validate SBOMs
-------------------------------------------------------------------
Thu Nov 16 14:56:08 UTC 2023 - kastl@b1-systems.de
- Update to version 0.11.3:
* Update release.md
* Create release.md
* Drop cloud keychains
* Try to approximate ~ in apko dot
* build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7
* build(deps): bump github/codeql-action from 2.22.5 to 2.22.6
* build(deps): bump golang.org/x/term from 0.13.0 to 0.14.0
* build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to
2.2.1
* update go-apk dependency
* build(deps): bump go.opentelemetry.io/otel from 1.19.0 to
1.20.0
* build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0
* build with go 1.21
* use main
* use pushed PR
* WIP: use forked alpine-go in go-apk
* cleanup: remove unused flags
* build(deps): bump github.com/docker/docker
-------------------------------------------------------------------
Mon Oct 30 19:10:59 UTC 2023 - kastl@b1-systems.de
- Update to version 0.11.2:
* Update NEWS.md for v0.11.2
* Bump go-apk to fix solver
* build(deps): bump github/codeql-action from 2.22.4 to 2.22.5
* build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6
-------------------------------------------------------------------
Fri Oct 27 04:54:37 UTC 2023 - kastl@b1-systems.de
- Update to version 0.11.1:
* Update NEWS.md for 0.11.1
* Pass UID and GID mapping to the tarball writer
* Add json tags to ImageConfiguration types.
* build(deps): bump github/codeql-action from 2.22.1 to 2.22.4
* build(deps): bump actions/checkout from 4.1.0 to 4.1.1
* drop sync-issues-to-project-board.yaml not used anymore
* streamline release workflow
* call ImageConfiguration()
* Remove Trailing / if there any
* Fixed the make-devenv script
-------------------------------------------------------------------
Thu Oct 19 06:24:13 UTC 2023 - kastl@b1-systems.de
- Update to version 0.11.0:
* Update NEWS.md
* Clone image config's env to avoid race
* feat: implement resolve command
* build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0
* build(deps): bump sigs.k8s.io/release-utils
* build(deps): bump go.opentelemetry.io/otel from 1.18.0 to
1.19.0
* build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0
* Add additional error info when trying to run as a root user.
* build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
* build(deps): bump github/codeql-action from 2.21.7 to 2.22.1
* change Use and error msg
* build(deps): bump actions/checkout from 4.0.0 to 4.1.0
* dot: show version in node label
* ensure propagated logger is used
* Add apko dot command
* build(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to
5.9.0
* build(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to
2.2.0
* build(deps): bump gitlab.alpinelinux.org/alpine/go
* chore: remove CODEOWNERS file
* build(deps): bump goreleaser/goreleaser-action from 4.4.0 to
5.0.0
* build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
* fix: Development typo
* build(deps): bump k8s.io/apimachinery from 0.28.1 to 0.28.2
* upgrade Go to 1.21 and several ci updates
* update version comments
* update version comments
* build(deps): bump go.opentelemetry.io/otel from 1.17.0 to
1.18.0
* Write index as layout if target is a directory
* Close tarfs files
* Bump go-apk
* Bump go-apk
* Drop dependency on deleted packages
* Allow replacement by different origin
* build(deps): bump actions/checkout from 3.6.0 to 4.0.0
* build(deps): bump golang.org/x/term from 0.11.0 to 0.12.0
* Don't buffer everything
* Expose tarfs
* Use tarfs implementation for publish/build
* Add an internal tarfs implementation
* Don't require testify
* Bump go-apk
* build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
* Plumb --offline flag
* add tests to publishCmd for --sbom-path
* fix: publish cmd --sbom-path not writing files
* build(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0
* Pass a whole fs instead of a workdir to build
* upgrade go-apk to 20230827 snapshot
* build(deps): bump k8s.io/apimachinery from 0.27.3 to 0.28.1
* build(deps): bump github.com/package-url/packageurl-go
* build(deps): bump actions/checkout from 3.5.3 to 3.6.0
* build(deps): bump golang.org/x/term from 0.9.0 to 0.11.0
* fix: publish --stage-tags missing generated tags
* Don't call build.New for index SBOM
* Set reasonable concurrency levels for pgzip
* remove build options
* build(deps): bump golangci/golangci-lint-action from 3.6.0 to
3.7.0
* build(deps): bump github/codeql-action from 2.20.0 to 2.21.4
* build(deps): bump goreleaser/goreleaser-action from 4.3.0 to
4.4.0
* fix: incorrect arch tag equality detection
* build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
* build(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0
* Remove ldconfig step from build
* build(deps): bump github.com/google/go-containerregistry
* fix: assignment to nil map when using annotations via CLI flag
* update NEWS.md for 0.10.1
* Improve path mutation errors
* improve error messages when mutating paths
* Update NEWS.md
* Optimize SBOM generation
* build(deps): bump github.com/klauspost/pgzip from 1.2.5 to
1.2.6
* build(deps): bump github.com/cloudflare/circl from 1.2.0 to
1.3.3
* Update README.md
-------------------------------------------------------------------
Tue Aug 01 13:05:39 UTC 2023 - kastl@b1-systems.de
- Update to version 0.10.0:
* fix --workdir
* restore handling of packageTag CLI flags for publish
* Remove sbom generator indirection
* Split publishing and loading
* Inline apk package (mostly) to use go-apk directly
* Stop exposing build.Context fields
* Add a test to catch SBOM changes
* Remove WantSBOM and GenerateSBOM
* Remove buildImplementation
* Add a test to verify no output changes
* Remove unused executor package
* when setting SOURCE_DATE_EPOCH, ensure string is not blank
* Pull in the latest changes to go-apk (#802)
* Don't compute layer hash twice
* bump go-apk
* work with no cache when cache-dir is not set and HOME is not
set
* report error when cannot create apkimpl object
* Bump lint
* Fix race
* Bump go to 1.20
* Bump go-apk
* Add 4MiB bufio for pgzip
* Bump go-apk to pick up faster installs
* Switch from pargzip to pgzip
* Bump go-apk dep to pick up otel spans
* Add otel spans
- BuildRequire go1.20
-------------------------------------------------------------------
Mon Jul 03 06:12:20 UTC 2023 - kastl@b1-systems.de
- Update to version 0.9.0:
* add release notes for 0.9.0
* update go-apk component to 20230630 snapshot
* go mod tidy
* bump go-apk dep to stop fetching alpine keys all the time
* base ci tests on examples
* build(deps): bump github.com/sigstore/cosign/v2
* Always pass WithLogger first
* Always UTC time.Unix (#758)
* Pull in go-apk timestamp change (#757)
* Bump go-apk, deduplicate extras
* add annotations to index manifest
* add optional oci volumes field to resulting image config
* go-apk with support for pinned pre-existing as deps
* improved show-packages output
* build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#679)
* Address go vulnerabilities
* Pull in
https://gitlab.alpinelinux.org/alpine/go/-/merge_requests/25
(#742)
* Update go-apk to pull in Jon/Avi's changes (#746)
* build(deps): bump golangci/golangci-lint-action from 3.4.0 to
3.6.0 (#739)
* build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#740)
* build(deps): bump goreleaser/goreleaser-action from 4.2.0 to
4.3.0 (#741)
* build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0
(#734)
* build(deps): bump github/codeql-action from 2.3.2 to 2.20.0
(#745)
* bump go-apk to inherit increased debug logging
* Remove build implementation interface
* safe rename
* fix apk caching
* support for apk package caching
* restructure oci package
* unify publish and build commands
* avoid nil panic
* lint
* change how default envs are set
* Test PublishCmd
* Add a no-op test for PublishCmd
* Check that images have the correct layers
* Pass remoteOpts to publishIndex
* run tests with race detector
* Revert "Remove some more indirection"
* Revert "Finish the argument movement"
* fix: pass --extra-packages correctly
* extend summarize to provide the rest of the options
* Move default remote options out of library
* adds warning when etc/os-release is actually generated
* Finish the argument movement
* Remove some more indirection
* appease linter
* add --extra-packages, deprecate build options
* bump go-apk to fix infinite symlinks
* Stop using tarball.LayerFromFile
* Fix CI (#701)
* Remove indirection for apk implementation
* add option to change directory before executing
* use upstream go-apk tarball functionality
* Fix annotations.
* build(deps): bump github.com/stretchr/testify from 1.8.2 to
1.8.3
* build(deps): bump github.com/sirupsen/logrus from 1.9.0 to
1.9.2
* go-apk with proper error messages for arch with missing
APKINDEX
* Fix the error wrapper (#677)
* Fix stupid boolean logic bug (#678)
* Feature: Compute the default timestamp from installed APKs
(#675)
* Add test of determinism (#668)
* latest go-apk with consistent file ordering
* Fix: add timeouts to several actions legs. (#672)
* Fix: Explicitly default the `SourceDateEpoch` (#671)
* Cleanup: Make the Services type more concrete. (#664)
* Cleanup: Use a string alias instead of struct. (#663)
* bump go-apk to include world newline fix
* Update pkg/build/types/types.go
* document the fields in types/
* update go-apk to include race prevention
* build(deps): bump gitlab.alpinelinux.org/alpine/go
* use external apk-go library
* add hotfix for alpine-go
* apk: install: add support for replaces
* build(deps): bump github/codeql-action from 2.2.12 to 2.3.2
-------------------------------------------------------------------
Mon May 01 06:16:11 UTC 2023 - kastl@b1-systems.de
- Update to version 0.8.0:
* update NEWS for apko 0.8.0.
* allow overwrite of existing file if origin matches
* better sort order for packages when writing to apk/db/installed
* Plumb context
* Optimize ggcr interactions
* add ability to read busybox links from package manifest
* report complete yaml when fail to build, if debug is enabled
* handle versioning in provides
* add testcase for alpine python3~3.11 change
* version: fix tilde matching in packageNameRegex
* add optional support for self-package resolution
* Update pkg/apk/impl/version.go
* add support for tilde matcher
* iocomb: try to make log target parent directory if necessary
* cli: use iocomb.Combine to combine multiple log outputs into a
log policy
* add iocomb package
* internal: cli: use NewLogger as needed to instantiate the
logger
* log: adapter: default log level to InfoLevel
* build: add WithLogger option to set a context logger
* log: add output to NewLogger and add DefaultLogger for stderr
logging
* options: default to using io.Discard for logging
* return all matches for PkgResolver.ResolvePackage
* exec: update tests to use log.Logger instead of logrus
* apk: update tests to use log.Logger instead of logrus
* log: introduce Adapter type
* everywhere: use abstract logger type, remove logrus from
internals
* expose GetRepositoryIndexes
* expose GetPackage to resolve a single package with constraints
* use interface to pass to NewPkgResolver
* build(deps): bump actions/checkout from 3.5.0 to 3.5.2
* build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
* fix mid-level symlinks for native-memfs
* native in-memory filesystem
* busybox install ignore existing link or file
* Remove duplication, add make target
* build(deps): bump github.com/sigstore/cosign/v2 from 2.0.0 to
2.0.1
* build(deps): bump github/codeql-action from 2.2.10 to 2.2.11
* log: formatting enhancements
* build(deps): bump golang.org/x/term from 0.6.0 to 0.7.0
* build(deps): bump github/codeql-action from 2.2.9 to 2.2.10
* feat: send useragent in HTTP requests
* appease linter
* apk: downgrade package-level install notices to debug
* add internal logging package
* build(deps): bump github.com/docker/docker
* build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
* build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
* ensure truncate when creating new file in case one already was
there
* Change the busybox detection logic to support "provides".
* Add docs on stop-signal.
* Add StopSignal support.
* update NEWS for apko 0.7.3.
* build(deps): bump github/codeql-action from 2.2.7 to 2.2.9
* Add codeowners
* build(deps): bump actions/checkout from 3.4.0 to 3.5.0
* Add CI test harness
* Add SBOM quality CI test
* When build and publish, carry buildcontext to sbom generation
* create homedir 0700, but parents 0755
* record when writing symlinks to case-sensitive
* generate list of links for busybox
* build: accounts: go back to using 0o755 permissions for the
homedir
-------------------------------------------------------------------
Sun Mar 19 14:00:06 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
- new package apko
Reference in New Issue View Git Blame Copy Permalink